<?php
$token = "uLO7Snf3wFn7J0wanmJBMxQxeY_y5hlT1dhzvGEfZlGYqS2Og87VRibu55q";
$req = 'cmd=_notify-synch&tx='.$_GET["tx"]."&at=".$token;
/*/
foreach ($_GET as $key => $value) {
$value = urlencode(stripslashes($value));
$req .= "&$key=$value";
}
//*/

// post back to PayPal system to validate
$ppCurl = curl_init(); // initialize curl handle
curl_setopt($ppCurl, CURLOPT_POST, true); // set POST method
curl_setopt($ppCurl, CURLOPT_URL, "http://www.sandbox.paypal.com/cgi-bin/webscr"); // set url
curl_setopt($ppCurl, CURLOPT_POSTFIELDS, $req); // fields to POST
curl_setopt($ppCurl, CURLOPT_RETURNTRANSFER, true); // return var
curl_setopt($ppCurl, CURLOPT_TIMEOUT, 4); // time out after 5 secs
curl_setopt($ppCurl, CURLOPT_FAILONERROR, true);
curl_setopt($ppCurl, CURLOPT_FOLLOWLOCATION, true); // allow redirects
curl_setopt($ppCurl, CURLOPT_FRESH_CONNECT, true); // no caching
$result = curl_exec($ppCurl); // engage!

$curlErrorNum = curl_errno($ppCurl); // save error code; 0=none
$curlErrorText = curl_error($ppCurl); // save error message; ""=none
curl_close($ppCurl);

// assign posted variables to local variables
//$item_name = $_POST['item_name'];
//$item_number = $_POST['item_number'];
//$payment_status = $_POST['payment_status'];
//$payment_amount = $_POST['mc_gross'];
//$payment_currency = $_POST['mc_currency'];
//$txn_id = $_POST['txn_id'];
//$receiver_email = $_POST['receiver_email'];
//$payer_email = $_POST['payer_email'];

// parse the data
$lines = explode("\n", $result);
$keyarray = array();
if (strcmp ($lines[0], "SUCCESS") == 0) {
        for ($i=1; $i<count($lines);$i++){
                list($key, $val) = explode("=", $lines[$i]);
                $keyarray[urldecode($key)] = urldecode($val);
        }
        // check the payment_status is Completed
        // check that txn_id has not been previously processed
        // check that receiver_email is your Primary PayPal email
        // check that payment_amount/payment_currency are correct
        // process payment
        $firstname = $keyarray['first_name'];
        $lastname = $keyarray['last_name'];
        $itemname = $keyarray['item_name'];
        $amount = $keyarray['payment_gross'];

        echo ("<p><h3>Thank you for your purchase!</h3></p>");

        echo ("<b>Payment Details</b><br>\n");
        foreach ($keyarray as $key => $value) {
          $value = urlencode(stripslashes($value));
          echo "<li>$key: $value</li>\n";
        }
        echo ("");
} else if (strcmp ($lines[0], "FAIL") == 0) {
// log for manual investigation
        echo ("<p><h3>FAIL...</h3></p>");
}

?>